authorKonstantin Ritt <ritt.ks@gmail.com>2014-05-22 02:39:44 +0300
committerThe Qt Project <gerrit-noreply@qt-project.org>2014-05-23 12:10:13 +0200
commitbe0bfe09ee4b99e9ab45c6898949b5d144e77a29 (patch)
tree50f7dda7cbcc4a11cfea9be7cbd800908388fe53 /src
parent9b3b33b11027d0dd013447c3b59939712c432249 (diff)
Guarantee QTextEngine::findItem() returns -1 for invalid strPos
...and check the returned value where it may cause undefined behavior (i.e. negative amount of items or iteration from -1 to n). Change-Id: Ib7bd9ab178526df45b792ad48b91ebbab6be861a Reviewed-by: Simon Hausmann <simon.hausmann@digia.com>
Diffstat (limited to 'src')
-rw-r--r--src/gui/text/qtextengine.cpp8
-rw-r--r--src/gui/text/qtextlayout.cpp1
2 files changed, 7 insertions, 2 deletions
diff --git a/src/gui/text/qtextengine.cpp b/src/gui/text/qtextengine.cpp
index 0928a22352..c4eb47f708 100644
--- a/src/gui/text/qtextengine.cpp
+++ b/src/gui/text/qtextengine.cpp
@@ -847,7 +847,7 @@ void QTextEngine::shapeLine(const QScriptLine &line)
int item = findItem(line.from);
if (item == -1)
return;
- for (item = findItem(line.from); item <= end; ++item) {
+ for ( ; item <= end; ++item) {
QScriptItem &si = layoutData->items[item];
if (si.analysis.flags == QScriptAnalysis::Tab) {
ensureSpace(1);
@@ -1634,6 +1634,9 @@ bool QTextEngine::isRightToLeft() const
int QTextEngine::findItem(int strPos) const
{
itemize();
+ if (strPos < 0 || strPos >= layoutData->string.size())
+ return -1;
+
int left = 1;
int right = layoutData->items.size()-1;
while(left <= right) {
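Review bot: The early return added at the top of findItem() changes its contract for every caller, not only the three call sites this commit touches. A position outside `[0, layoutData->string.size())` now yields -1, which presumably used to fall through to the binary search. Callers that are not part of this diff cannot be seen here, so each one that uses the result as an index into `layoutData->items` should be audited; a negative index there is an out-of-bounds access driven by the text being laid out. The new contract also deserves a comment above the function, for example `// Returns -1 if strPos is outside [0, string.size()); callers must check before indexing items.` The function body continues past the end of this hunk.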
@@ -2053,7 +2056,8 @@ void QTextEngine::justify(const QScriptLine &line)
return;
int firstItem = findItem(line.from);
- int nItems = findItem(line.from + line_length - 1) - firstItem + 1;
+ int lastItem = findItem(line.from + line_length - 1);
+ int nItems = (firstItem >= 0 && lastItem >= firstItem)? (lastItem-firstItem+1) : 0;
QVarLengthArray<QJustificationPoint> justificationPoints;
int nPoints = 0;
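Review bot: The new `nItems` line is hard to read because of its spacing; the usual form would be `int nItems = (firstItem >= 0 && lastItem >= firstItem) ? (lastItem - firstItem + 1) : 0;`. Note also that `firstItem` can still be -1 after this line and stays in scope for the rest of justify(), which lies outside the hunk. Any later use of `firstItem` that is not bounded by `nItems` would need its own check.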
diff --git a/src/gui/text/qtextlayout.cpp b/src/gui/text/qtextlayout.cpp
index 912ab05a59..a48fef7e8b 100644
--- a/src/gui/text/qtextlayout.cpp
+++ b/src/gui/text/qtextlayout.cpp
@@ -1730,6 +1730,7 @@ void QTextLine::layout_helper(int maxGlyphs)
int item = -1;
int newItem = eng->findItem(line.from);
+ Q_ASSERT(newItem >= 0);
LB_DEBUG("from: %d: item=%d, total %d, width available %f", line.from, newItem, eng->layoutData->items.size(), line.width.toReal());
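Review bot: `Q_ASSERT(newItem >= 0)` only protects debug builds, because the macro expands to nothing when `QT_NO_DEBUG` is defined. A release build therefore still carries a -1 from findItem() into the rest of layout_helper(). The remainder of the function is outside this hunk, but if `newItem` is later used to index `eng->layoutData->items`, that is an out-of-bounds access in exactly the builds that ship. A runtime guard such as `if (newItem < 0) return;` next to the assertion would cover it. Whether a bare return leaves the line in an acceptable state has to be checked against the code below.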